Changeset 3338594
- Timestamp:
- 08/03/2025 07:26:07 PM (8 months ago)
- Location:
- codenitive-captcha
- Files:
-
- 16 added
- 4 edited
-
assets/screenshot-4.jpg (added)
-
tags/1.0.5 (added)
-
tags/1.0.5/assets (added)
-
tags/1.0.5/assets/js (added)
-
tags/1.0.5/assets/js/checkout.js (added)
-
tags/1.0.5/assets/js/scripts.js (added)
-
tags/1.0.5/codenitive-captcha.php (added)
-
tags/1.0.5/includes (added)
-
tags/1.0.5/includes/class-captcha-config.php (added)
-
tags/1.0.5/includes/class-cf7-captcha.php (added)
-
tags/1.0.5/includes/class-comments-captcha.php (added)
-
tags/1.0.5/includes/class-csrf-secret.php (added)
-
tags/1.0.5/includes/class-forms.php (added)
-
tags/1.0.5/includes/class-settings.php (added)
-
tags/1.0.5/index.php (added)
-
tags/1.0.5/readme.txt (added)
-
trunk/codenitive-captcha.php (modified) (1 diff)
-
trunk/includes/class-captcha-config.php (modified) (3 diffs)
-
trunk/includes/class-forms.php (modified) (7 diffs)
-
trunk/readme.txt (modified) (3 diffs)
-
codenitive-captcha/trunk/codenitive-captcha.php
r3334736 r3338594 4 4 * Plugin URI: https://wordpress.org/plugins/codenitive-captcha 5 5 * Description: Enhance your website’s security by integrating CAPTCHA verification into essential WordPress, WooCommerce, Contact form 7 (cf7) forms. This plugin helps prevent spam, bots, and unauthorized access by adding CAPTCHA challenges to key areas such as login, registration, password reset, checkout, and more. With built-in support for Google reCAPTCHA (v2), this plugin provides a seamless way to protect both the WordPress core and WooCommerce without disrupting the user experience. 6 * Version: 1.0. 46 * Version: 1.0.5 7 7 * Requires at least: 5.6 8 8 * Requires PHP: 7.4 -
codenitive-captcha/trunk/includes/class-captcha-config.php
r3334966 r3338594 176 176 ), $url ); 177 177 178 \wp_enqueue_script( 'codenitcaptcha-recaptcha-js', CODENITCAPTCHA_PLUGIN_DIR_URL . 'assets/js/scripts.js', array(), '1.0.9', true );178 \wp_enqueue_script( 'codenitcaptcha-recaptcha-js', CODENITCAPTCHA_PLUGIN_DIR_URL . 'assets/js/scripts.js', array(), CODENITCAPTCHA_VERSION, true ); 179 179 \wp_enqueue_script( 'google-recaptcha', $url, array( 'codenitcaptcha-recaptcha-js' ), CODENITCAPTCHA_VERSION, true ); 180 180 181 wp_localize_script('codenitcaptcha-recaptcha-js', 'CodenitCaptchaData', [181 \wp_localize_script('codenitcaptcha-recaptcha-js', 'CodenitCaptchaData', [ 182 182 'siteKey' => $this->get_site_key_v2(), 183 183 ]); … … 191 191 switch ( $message ) { 192 192 case 'captcha_required': 193 $output = __( 'The CAPTCHA was incorrect. Please try again.', 'codenitive-captcha' );193 $output = __( 'The CAPTCHA is required. Please try again.', 'codenitive-captcha' ); 194 194 break; 195 195 case 'captcha_invalid': 196 $output = __( 'The CAPTCHA was in correct. Please try again.', 'codenitive-captcha' );196 $output = __( 'The CAPTCHA was invalid. 
Please try again.', 'codenitive-captcha' ); 197 197 break; 198 198 case 'nonce_invalid': … … 243 243 } 244 244 245 if(isset($_POST['g-recaptcha-response'])){ 246 247 $response = \sanitize_text_field( \wp_unslash( $_POST['g-recaptcha-response'] ) ); 248 249 if (empty($response)) { 250 return array( 251 'status' => 'error', 252 'message' => 'captcha_required' 253 ); 245 //error_log(print_r($_POST['g-recaptcha-response'], true)); 246 247 if (!isset($_POST['g-recaptcha-response'])) { 248 return array( 249 'status' => 'error', 250 'message' => 'captcha_required' 251 ); 252 } 253 254 $response = sanitize_text_field( wp_unslash( $_POST['g-recaptcha-response'] ) ); 255 256 if (empty($response)) { 257 return array( 258 'status' => 'error', 259 'message' => 'captcha_required' 260 ); 261 } 262 263 $remoteip = ''; 264 265 if ( isset( $_SERVER['REMOTE_ADDR'] ) ) { 266 // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash 267 $remoteip = filter_var( $_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP ); 268 269 // If it's not a valid IP, fall back to empty string 270 if ( false === $remoteip ) { 271 $remoteip = ''; 254 272 } 255 256 $remoteip = ''; 257 258 if ( isset( $_SERVER['REMOTE_ADDR'] ) ) { 259 // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash 260 $remoteip = \filter_var( $_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP ); 261 262 // If it's not a valid IP, fall back to empty string 263 if ( false === $remoteip ) { 264 $remoteip = ''; 265 } 266 } 267 268 $verify = \wp_remote_post('https://www.google.com/recaptcha/api/siteverify', [ 269 'body' => [ 270 'secret' => $secret, 271 'response' => $response, 272 'remoteip' => $remoteip 273 ] 274 ]); 275 276 if (\is_wp_error($verify)) { 277 return array( 278 'status' => 'error', 279 'message' => 'verify_invalid' 280 ); 281 } 282 283 $result = \json_decode(\wp_remote_retrieve_body($verify)); 284 285 if (empty($result->success)) { 286 return array( 287 'status' => 'error', 288 'message' => 
'captcha_invalid' 289 ); 290 } 273 } 274 275 $verify = wp_remote_post('https://www.google.com/recaptcha/api/siteverify', [ 276 'body' => [ 277 'secret' => $secret, 278 'response' => $response, 279 'remoteip' => $remoteip 280 ] 281 ]); 282 283 if (is_wp_error($verify)) { 284 return array( 285 'status' => 'error', 286 'message' => 'verify_invalid' 287 ); 288 } 289 290 $result = json_decode(wp_remote_retrieve_body($verify)); 291 292 //error_log(print_r($result, true)); 293 294 if (empty($result->success)) { 295 return array( 296 'status' => 'error', 297 'message' => 'captcha_invalid' 298 ); 291 299 } 292 300 } -
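Review bot: The two commented-out `error_log(print_r(...))` lines added to the verification code (one before the `isset` check, one after `json_decode`) should be deleted rather than shipped. If someone uncomments them, the raw `g-recaptcha-response` value and Google's full siteverify reply are written to the PHP error log, which is often readable by more people than the site owner intends. The result is also accepted on `success` alone; if the site key has domain validation turned off in the reCAPTCHA console, comparing the reply's `hostname` field with the site's own host would be worth adding. The function starts before the visible lines, so the nonce and secret handling ahead of this block is not covered here.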
codenitive-captcha/trunk/includes/class-forms.php
r3334966 r3338594 39 39 if ( $this->config->get_wcc_login() == 1 ) { 40 40 \add_action('woocommerce_login_form', array($this, 'display_captcha'), 30); 41 \add_filter('woocommerce_process_login_errors', array($this, 'validate_login_captcha'), 10, 3);41 \add_filter('woocommerce_process_login_errors', array($this, 'validate_login_captcha'), 30, 3); 42 42 } 43 43 if ( $this->config->get_wcc_checkout() == 1 ) { … … 58 58 if ( $this->config->get_wp_login() == 1 ) { 59 59 \add_action('login_form', array($this, 'display_captcha'), 20); 60 \add_action('login_form', array($this, 'wp_login_hidden_field'), 21); 60 61 \add_action('authenticate', array($this, 'validate_wplogin_captcha'), 21, 3); 61 62 } … … 77 78 public function captcha_style(){ 78 79 // Register your own empty CSS file (optional) or attach to one you know is enqueued 79 \wp_register_style('codenitcaptcha-style', false, array(), '1.0. 4');80 \wp_register_style('codenitcaptcha-style', false, array(), '1.0.5'); 80 81 \wp_enqueue_style('codenitcaptcha-style'); 81 82 … … 86 87 public function captcha_checkout_script(){ 87 88 if( \function_exists('is_checkout') && \is_checkout()) { 88 \wp_register_script( 'codenitcaptcha-script-checkout', CODENITCAPTCHA_PLUGIN_DIR_ASSETS_URL.'js/checkout.js', array(), 0.00002, true );89 \wp_register_script( 'codenitcaptcha-script-checkout', CODENITCAPTCHA_PLUGIN_DIR_ASSETS_URL.'js/checkout.js', array(), CODENITCAPTCHA_VERSION, true ); 89 90 \wp_enqueue_script( 'codenitcaptcha-script-checkout' ); 90 91 \wp_localize_script( 'codenitcaptcha-script-checkout', 'codenitcaptcha_captcha_obj', array( … … 100 101 public function wp_forgot_password_hidden_field() { 101 102 echo '<input type="hidden" name="wp_forget" value="wp">'; 103 } 104 105 public function wp_login_hidden_field(){ 106 echo '<input type="hidden" name="codenit_wp_login" value="codenit-wp-login">'; 102 107 } 103 108 … … 113 118 $captcha = '<div class="g-recaptcha codenitcaptcha-recaptcha" data-sitekey="' . 
esc_attr($this->config->get_site_key_v2()) . '"></div>'; 114 119 } 115 116 echo \wp_kses_post( \wp_nonce_field( 'codenitcaptcha_action', 'codenitcaptcha_nonce' )); 120 121 $nonce = \wp_create_nonce('codenitcaptcha_action'); 122 echo '<input type="hidden" name="codenitcaptcha_nonce" value="'.esc_attr( $nonce ).'" />'; 123 124 //echo \wp_kses_post( \wp_nonce_field( 'codenitcaptcha_action', 'codenitcaptcha_nonce' )); 117 125 echo \wp_kses_post( $captcha ); 118 126 … … 128 136 129 137 public function validate_wplogin_captcha($user, $username, $password) { 130 $response = $this->config->verify_captcha(); 131 if (isset($response['status']) && $response['status'] === 'error') { 132 return new \WP_Error('captcha_invalid', $this->config->messages($response['message'])); 138 if(isset($_POST['codenit_wp_login'])){ 139 $response = $this->config->verify_captcha(); 140 if (isset($response['status']) && $response['status'] === 'error') { 141 return new \WP_Error('captcha_invalid', $this->config->messages($response['message'])); 142 } 133 143 } 134 144 return $user; -
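Review bot: In `validate_wplogin_captcha` the CAPTCHA check now runs only when `$_POST['codenit_wp_login']` is present, and that field comes from the client. A login request that omits it is passed through as `$user` without `verify_captcha()` being called, so the control fails open. Whether the check applies should be decided from server-side state, for example `if ( 'wp-login.php' === ( $GLOBALS['pagenow'] ?? '' ) ) {` in place of the `isset` test. That should still leave the WooCommerce login path to `validate_login_captcha`, which appears to be why the gate was added. Separately, `captcha_style` hard-codes `'1.0.5'` where the other enqueue calls in this changeset use `CODENITCAPTCHA_VERSION`; the method's closing brace is outside the hunk.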
codenitive-captcha/trunk/readme.txt
r3334738 r3338594 5 5 Tested up to: 6.8.2 6 6 Requires PHP: 7.4 7 Stable tag: 1.0. 47 Stable tag: 1.0.5 8 8 License: GPLv2 or later 9 9 License URI: https://www.gnu.org/licenses/gpl-2.0.html … … 124 124 * Add reCAPTCHA security for Contact form 7 (cf7) 125 125 126 = 1.0.5 = 127 * Fix login captcha 128 126 129 == Upgrade Notice == 127 130 … … 138 141 * Add reCAPTCHA security for Contact form 7 (cf7) 139 142 143 = 1.0.5 = 144 * Fix login captcha 145 140 146 == Feedback == 141 147